"From a Qubes OS perspective, the approach I would prefer is to first get Qubes OS working on seL4, with the control plane running in a Linux VM as it does now. This is definitely less than optimal, but it is likely the quickest way to get Qubes on seL4 working at all, and therefore the solution that is the most likely to actually be finished. "
I agree. The main goal here is to have something that can run. " Over time, more and more of the code can be replaced by native seL4 components as those components become available. " Absolutely. In fact, this is the most painful and time consuming task. "For instance, the firewall is currently based on Linux, but it is a stand-alone component that already has an alternative implementation based on MirageOS. Therefore, it would be an excellent candidate for replacement with a firewall running natively on seL4." Yes. Sounds very good as the firewall is huge attack surface (due to TCP/IP stack) and running it natively in seL4 looks like one of the very first steps. El mar, 9 ago 2022 a las 0:46, Demi Marie Obenour (< d...@invisiblethingslab.com>) escribió: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On Mon, Aug 08, 2022 at 03:24:51PM +0200, Hugo V.C. wrote: > > You are absolutely rigth Demi. Anyway, I think the point here is not to > > "switch" from Xen to seL4, which is an giant task, but to start > > "something", some port of QubesOS, based on seL4. Obviously, it will lack > > most features, bad hardware support, etc, but I guess that as soon > there's > > something that can be run, the community will slowly add effort to such > > project. If you remember the first versions of Linux, desktop support was > > horrible... But at some point there should be people starting new > > challenging stuff. I don't think we can have a QubesOS based on seL4 at > > short term, but if we start now, it can be a reality in few years. I can > > smell lot of interest on it... > > - From a Qubes OS perspective, the approach I would prefer is to first get > Qubes OS working on seL4, with the control plane running in a Linux VM > as it does now. This is definitely less than optimal, but it is likely > the quickest way to get Qubes on seL4 working at all, and therefore the > solution that is the most likely to actually be finished. Over time, > more and more of the code can be replaced by native seL4 components as > those components become available. For instance, the firewall is > currently based on Linux, but it is a stand-alone component that already > has an alternative implementation based on MirageOS. Therefore, it > would be an excellent candidate for replacement with a firewall running > natively on seL4. > - -- > Sincerely, > Demi Marie Obenour (she/her/hers) > Invisible Things Lab > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmLxkk0ACgkQsoi1X/+c > IsH9Kg//U+FlcwVOtDXGfjJI2WCkRrLFbIC2Mvh6k1/m+f+aGtc7jvqj0xAFXxm3 > JpvIYgil2LGGsdpC3dvyTH+7xqGQUVgzcYYyJDwbdRv0gBau1T+z3xkagYvOE1E8 > 94aEHLmvZV6GvXZ+6LdwZjkLgOQ0qnupOSkOJtmNW86tZdXC99u6cGhszejrCSG7 > GzlWPaXfP7Niy16RA9QOf4nSusXvpetQwNhzTBvn1y2XrcnvitV9MNyhp23uyWMI > 4VCMaA4tYbxyZdH0whQEpjrc75S2j/ewNuuiZ3VVnkOPxid0XG8UCsLGpWtoMIak > /pO/JkZ25QuHAJv5ef4JpmDD5EO410vzrs70yswEb9Xcb6Fr+RnyCLmutAS1mpan > zQs31KSXVOe0R5glO3p28wpkXLO80hjYrjVITnNknWv+uujHIGE1LiF8yRFaWMNa > XpAUnKcTIBSqr/VkRwphBWRHkXMxKUBFbYBwV3WaUJ0fqOsGpUD4wLpLpE6N6Lb9 > hRRfdM6raJ5LXNiSuheGKCh2Hxb5WejbQCH9vSCxd0Ew6j5NZf21YY84iykT47aR > dO+o2XF04s4lfeBUhd8zMTSrKA6zIyAVdbtYfThT+ONXQd15YkkLWm0f7UJBCx4X > kEsgYlCHXdJIQ9mkJZI4WIGRXO39sW+NCe3bs9w/YYwuVhmQKqg= > =BkM1 > -----END PGP SIGNATURE----- > _______________________________________________ Devel mailing list -- devel@sel4.systems To unsubscribe send an email to devel-leave@sel4.systems
